[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: Antwort: [FW1] OT - newbie question about PING
Dimitris, I agree with your assessment, that icmp can be used for all sorts of nasty things. The solution I usually implement is this: Allow only certain users/hosts to use outbound ping and allow only the necessary icmp reply packets back in. There's a FAQ at www.phoneboy.com on how to set this up exactly. I think, since version 4.0 FW-1 is even able to do stateful inspection for imcp?! Cheers Ralf G. z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z Ralf Guenthner, Senior IT Security Consultant Zentric GmbH & Co. KG - IT Security & Groupware Solutions Office Phone: +49-6101-556060 Fax: +49-6101-556065 mailto:[email protected] http://www.zentric.com +z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|